heat/heat/api
Takashi Kajinami 185f28a3b4 Isolate project scope and system scope
This change updates the default policies implemented in Heat, to follow
the updated guideline[1] to implement SRBAC.

The main change is that system users are no longer allowed to perform
any operations about project-level resources like stacks, while project
admin(*1) is still allowed to perform operations about project-level
resources BEYOND project (like getting stacks for all projects by list
stacks API).

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

This also adds test cases to validate the reader role, which was almost
implemented in Heat.

(*1)
If Keystone has an admin project defined, Heat checks an additional
requirement that the request context is scoped by that admin project.

Change-Id: I943b3c1ce021cc05445b73fbc342b8386cf5bf6a
2023-06-28 18:38:59 +09:00
aws Remove six and python 2.7 full support 2020-04-22 12:23:44 +02:00
cfn [goal] Deprecate the JSON formatted policy file 2021-06-17 01:35:45 +08:00
middleware Return HTTPBadRequest from circular dependency 2023-02-27 12:22:42 +00:00
openstack Isolate project scope and system scope 2023-06-28 18:38:59 +09:00
__init__.py Deploy healthcheck middleware as app instead of filter 2022-06-06 23:47:16 +09:00
versions.py Remove six and python 2.7 full support 2020-04-22 12:23:44 +02:00